
Posts by auxio

 All you need to do is go back to the very beginning...   Never forget.
 Many companies (including ours) have come to the realization that the maintenance costs associated with the internal infrastructure required to share files are much higher than using a secure external hosting solution.  Not to mention the fact that most external solutions will also provide ways to access your files easily and securely from any device.  If your IT department isn't at least evaluating such options, I'd question their level of expertise and motives.
 https://en.wikipedia.org/wiki/Point_release 🖕
 And I'm fairly certain you could do all of this ever since the inception of 1Password in June 2006.  Agreed (that PGP encrypted text file I had with my passwords for years was only accessible via SSH).  But the fact is, people will always try to find ways to make things as easy as possible for themselves without understanding the implications.  It's the job of technology designers (especially in the field of security) to do as much as possible to protect people from...
Yes, I edited to include bad cell reception since I realize everyone here has an iPhone (which isn't always the case in the real world).
 Consider the situation where someone needs to use a shared PC that's set up with a projector in a meeting room and they find they have to log in to a website to get some information to share with the group (and it's not handy on their phone or they're getting bad reception).  These are the types of situations where someone might try to take a shortcut and just have a publicly accessible link to their 1PasswordAnywhere database. I actually did something similar for years...
That's assuming every device you want to access your 1Password data from supports iCloud (and you want to sync it to the device).  The whole reason why people are putting their 1Password database in publicly accessible places is because they want to be able to use it from anywhere (public computers, etc).
I misinterpreted the original article and thought that you could change the 1PasswordAnywhere database password using a reusable URL.  In which case, if someone was able to reuse that URL via discovering it in the unencrypted metadata, they'd have access to your entire 1Password account. This would be akin to being able to change your Keychain password using a URL (which you can't) and it exposing that same data. However, I now see that the blog post was talking about...
 OK, I'll put my time where my mouth is and test this out: I'll reset a password for a website I use, store it in my Keychain, and check to see if there's anything in the Keychain data which could expose this.  Given that no one has reported it as an issue (especially in light of this article), I'd be very surprised if there is.  But obviously one can't be certain without checking themselves.
If you can tell me how I can change my Keychain password with a URL, I'll rescind my comment.  It's simply not possible afaict. And yes, I understand that other URLs used for password changes might be stored in there, so that's a concern.  But the Keychain password itself cannot be compromised this way.